CVE-2017-15133 — Denial of service via open idle connection in github.com/miekg/dns

Description

A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections.

How to fix CVE-2017-15133

To remediate CVE-2017-15133, upgrade the affected package to a fixed version below.

Debian/golang-github-miekg-dns—upgrade to 0.0~git20170501.0.f282f80-3 or later
—upgrade to 1.0.4 or later
—upgrade to 1.0.4-0.20180125103619-43913f2f4fbd or later

Is CVE-2017-15133 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 0.0~git20170501.0.f282f80-3
from 0, < 1.0.4
from 0, < 1.0.4-0.20180125103619-43913f2f4fbd

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (7)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2017-15133
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2017-15133
WEBbugzilla.redhat.com/show_bug.cgi?id=1538763
WEBgithub.com/miekg/dns/commit/43913f2f4fbd7dcff930b8a809e709591e4dd79e
WEB